first commit

2026-02-13 12:42:53 +01:00
commit bc1b4279de
21 changed files with 3835 additions and 0 deletions
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,257 @@
+# ============================================================
+# CVE MONITOR - CONFIGURATION FILE
+# ============================================================
+# Copy this file to .env and adjust values for your environment
+
+
+# ============================================================
+# APPLICATION SETTINGS
+# ============================================================
+APP_NAME=CVE Monitor
+APP_VERSION=1.0.0
+DEBUG=False
+HOST=0.0.0.0
+PORT=5000
+
+
+# ============================================================
+# DATABASE CONFIGURATION
+# ============================================================
+DATABASE_PATH=./cve_db/cve_cache.db
+DATABASE_WAL_MODE=True
+DATABASE_CACHE_SIZE=10000
+
+
+# ============================================================
+# LOGGING CONFIGURATION
+# ============================================================
+LOG_LEVEL=INFO
+LOG_FORMAT=%(asctime)s - %(name)s - %(levelname)s - %(message)s
+LOG_FILE=./logs/cve_monitor.log
+LOG_MAX_BYTES=10485760
+LOG_BACKUP_COUNT=5
+
+
+# ============================================================
+# AUTO-UPDATE CONFIGURATION
+# ============================================================
+# Enable automatic CVE updates in background
+ENABLE_AUTO_UPDATE=True
+
+# How often to check for new CVEs (in hours)
+UPDATE_INTERVAL_HOURS=1
+
+# How many days back to fetch CVEs on first run
+INITIAL_LOOKBACK_DAYS=365
+
+# Cache duration in hours before considering data stale
+CACHE_HOURS=24
+
+
+# ============================================================
+# EXTERNAL API KEYS (Optional but Recommended)
+# ============================================================
+# NVD API Key - Get yours at: https://nvd.nist.gov/developers/request-an-api-key
+# Without API key: 5 requests per 30 seconds
+# With API key: 50 requests per 30 seconds
+NVD_API_KEY=
+
+# GitHub Personal Access Token - Get yours at: https://github.com/settings/tokens
+# Increases rate limit from 60 to 5000 requests per hour
+GITHUB_TOKEN=
+
+
+# ============================================================
+# API ENDPOINTS (Advanced - Don't change unless necessary)
+# ============================================================
+NVD_API_URL=https://services.nvd.nist.gov/rest/json/cves/2.0
+GITHUB_ADVISORIES_URL=https://api.github.com/advisories
+NVD_TIMEOUT=30
+GITHUB_TIMEOUT=15
+
+
+# ============================================================
+# GUNICORN CONFIGURATION (Production)
+# ============================================================
+WORKERS=4
+WORKER_TIMEOUT=120
+WORKER_CLASS=sync
+MAX_REQUESTS=1000
+MAX_REQUESTS_JITTER=50
+
+
+# ============================================================
+# SECURITY SETTINGS
+# ============================================================
+# Enable/disable security headers
+ENABLE_SECURITY_HEADERS=True
+
+# Enable rate limiting to prevent abuse
+ENABLE_RATE_LIMITING=True
+
+# Rate limit: requests per minute per IP
+RATE_LIMIT_PER_MINUTE=60
+
+# Enable gzip compression
+ENABLE_COMPRESSION=True
+
+# Enable ETag for caching
+ENABLE_ETAG=True
+
+# Content Security Policy
+CSP_DEFAULT_SRC='self'
+CSP_SCRIPT_SRC='self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com
+CSP_STYLE_SRC='self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com
+CSP_FONT_SRC='self' cdnjs.cloudflare.com
+CSP_IMG_SRC='self' data:
+CSP_CONNECT_SRC='self' cdn.jsdelivr.net
+
+# X-Frame-Options: DENY, SAMEORIGIN, or ALLOW-FROM uri
+X_FRAME_OPTIONS=DENY
+
+# HSTS max age in seconds (1 year = 31536000)
+HSTS_MAX_AGE=31536000
+
+
+# ============================================================
+# FEATURE FLAGS
+# ============================================================
+# Enable/disable specific features
+ENABLE_CHARTS=True
+ENABLE_SEARCH=True
+ENABLE_EXPORT=True
+ENABLE_DARK_MODE=True
+ENABLE_PAGINATION=True
+
+
+# ============================================================
+# UI CONFIGURATION
+# ============================================================
+# Items per page in CVE list
+ITEMS_PER_PAGE=50
+
+# Maximum search results to display
+MAX_SEARCH_RESULTS=50
+
+
+# ============================================================
+# CDN URLS (for offline use, download and host locally)
+# ============================================================
+BOOTSTRAP_CSS_CDN=https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css
+BOOTSTRAP_JS_CDN=https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js
+FONTAWESOME_CDN=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css
+CHARTJS_CDN=https://cdn.jsdelivr.net/npm/chart.js@4.4.1/dist/chart.umd.js
+
+
+# ============================================================
+# DOCKER SPECIFIC SETTINGS
+# ============================================================
+# Set to True when running inside Docker
+IS_DOCKER=False
+
+# Timezone for Docker container
+TZ=Europe/Warsaw
+
+
+# ============================================================
+# MONITORED VENDORS
+# ============================================================
+# Comma-separated list of vendor codes to monitor
+# Available: microsoft,apple,fortinet,cisco,adobe,oracle,google,linux,vmware,paloalto,docker,kubernetes
+MONITORED_VENDORS=microsoft,apple,cisco,fortinet,oracle,google,linux
+
+
+# ============================================================
+# NOTIFICATION SETTINGS (Future Feature)
+# ============================================================
+# Discord webhook for critical CVE notifications
+DISCORD_WEBHOOK_URL=
+
+# Slack webhook for notifications
+SLACK_WEBHOOK_URL=
+
+# Email notifications
+SMTP_SERVER=
+SMTP_PORT=587
+SMTP_USERNAME=
+SMTP_PASSWORD=
+SMTP_FROM=cve-monitor@example.com
+SMTP_TO=admin@example.com
+
+# Notification thresholds
+NOTIFY_ON_CRITICAL=True
+NOTIFY_ON_HIGH=False
+NOTIFY_MIN_CVSS=9.0
+
+
+# ============================================================
+# BACKUP CONFIGURATION
+# ============================================================
+# Enable automatic database backups
+ENABLE_BACKUPS=True
+
+# Backup directory
+BACKUP_DIR=./backups
+
+# How many backup files to keep
+BACKUP_RETENTION_DAYS=30
+
+# Backup interval in hours
+BACKUP_INTERVAL_HOURS=24
+
+
+# ============================================================
+# PROMETHEUS METRICS (Future Feature)
+# ============================================================
+ENABLE_METRICS=False
+METRICS_PORT=9090
+
+
+# ============================================================
+# DEVELOPMENT SETTINGS
+# ============================================================
+# Enable Flask debug toolbar (development only)
+FLASK_DEBUG_TOOLBAR=False
+
+# Enable SQL query logging
+SQL_DEBUG=False
+
+# Disable security features for local development
+# WARNING: Never use in production!
+DEV_MODE=False
+
+
+# ============================================================
+# HEALTH CHECK
+# ============================================================
+# Health check endpoint timeout
+HEALTH_CHECK_TIMEOUT=5
+
+
+# ============================================================
+# CORS SETTINGS (if using as API backend)
+# ============================================================
+ENABLE_CORS=False
+CORS_ORIGINS=*
+
+
+# Discord Bot Configuration
+ENABLE_DISCORD_BOT=True
+DISCORD_BOT_TOKEN=YOUR_BOT_TOKEN_HERE
+DISCORD_CHANNEL_ID=1234567890123456789
+DISCORD_CHECK_INTERVAL_MINUTES=60
+DISCORD_NOTIFY_CRITICAL=True
+DISCORD_NOTIFY_HIGH=True
+DISCORD_MIN_CVSS=7.0
+
+
+# ============================================================
+# NOTES
+# ============================================================
+# 1. Boolean values: True/False (case-sensitive)
+# 2. Empty values will use defaults from config.py
+# 3. Paths can be absolute or relative to project root
+# 4. For production, always set DEBUG=False
+# 5. Get NVD API key to avoid rate limits
+# 6. Use strong CSP in production
+# 7. Enable HTTPS in production (handled by reverse proxy)